0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6

Resubmissions

03/07/2023, 19:42

230703-yerbcsbc8t 8

Analysis

max time kernel
83s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ATLauncher.exe
Size

21.9MB
MD5

5b75fcf92add86804e81f97db2a45567
SHA1

01ba67af23c7733d71d6ada0b08efaab27c4b8f8
SHA256

0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6
SHA512

420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083
SSDEEP

393216:MfI0pj1PotgffvAz8z8sucFLAGTzMWHBPJclBgsId1lJhzq54B:MfIypAuffY8zz/pAGbCngsI0U

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
772	ATLauncher-setup-1.1.0.0.exe
2824	ATLauncher-setup-1.1.0.0.tmp
2448	7za.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
2824	ATLauncher-setup-1.1.0.0.tmp
2824	ATLauncher-setup-1.1.0.0.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
2824	ATLauncher-setup-1.1.0.0.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2712	javaw.exe
2712	javaw.exe
2712	javaw.exe
2712	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 2712	1336	ATLauncher.exe	79
PID 1336 wrote to memory of 2712	1336	ATLauncher.exe	79
PID 4816 wrote to memory of 1608	4816	chrome.exe	83
PID 4816 wrote to memory of 1608	4816	chrome.exe	83
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 348	4816	chrome.exe	85
PID 4816 wrote to memory of 5012	4816	chrome.exe	86
PID 4816 wrote to memory of 5012	4816	chrome.exe	86
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87
PID 4816 wrote to memory of 2908	4816	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Local\Temp\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ea49758,0x7ff94ea49768,0x7ff94ea49778
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1524
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7aad07688,0x7ff7aad07698,0x7ff7aad076a8
    3⤵
    PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3344 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3116 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3360 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4644 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4988 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4604 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4644 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2884 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4776 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 --field-trial-handle=1904,i,15887509491501670584,10297968634407711207,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Users\Admin\Downloads\ATLauncher-setup-1.1.0.0.exe
  "C:\Users\Admin\Downloads\ATLauncher-setup-1.1.0.0.exe"
  2⤵
  - Executes dropped EXE
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\is-71OT9.tmp\ATLauncher-setup-1.1.0.0.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-71OT9.tmp\ATLauncher-setup-1.1.0.0.tmp" /SL5="$130052,1526449,1202176,C:\Users\Admin\Downloads\ATLauncher-setup-1.1.0.0.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\7za.exe
      "C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\7za.exe" x "C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\jre.zip" -o"C:\Users\Admin\AppData\Roaming\ATLauncher\" * -r -aoa
      4⤵
      Executes dropped EXE
      PID:2448
  - - C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe
      "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe"
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
        
        "C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
        5⤵
        
        PID:5080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1f6c1234d8f5bd2a435c8fa626def32f

SHA1
20d2b89a63d3bdaffb08da461b3e4ec4d4cc8d37

SHA256
8c28c51158f4b97d8c5012f67b4e24d31ca5fbbc02a9b39415c6cae6ba9e6b4b

SHA512
272b4d4a6c5ad91f17adf0a06810189e7eb1046caba79d6a5fc4284a1a6350bbcb431d8262cb72fe0477fe538e17ca402513572fcce0d239dd06be6470e6591e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
251150252699d4dedcdf12a6fae0d07a

SHA1
7ca2f3bbca385fc1feb6174442a1e79ada9be138

SHA256
030d48df920089f765de9e336a0d50e8d5cb29235752e56cf680e510a7b634aa

SHA512
c25e3667633e3070e8d723215a7f10455bf3cba2a6a0665cae333eef8b328857f6023c9db045f4ac3e39f7ad514f67dbfad85177afab241521fbc01e6596b245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc8c3b9df34de507c26784406b2d787f

SHA1
3520a5a89a989c4b1cd29a06564d3ef1fca8509c

SHA256
43c85b7ffb67484d7b8a21e73a2e6c1470fc6a58a82b65ff96a483610f8a7206

SHA512
11135715f848e78d1ab87ff544dea4edf1c931f51ff482064c964c44ebc383256ee039c65671cbc269c7d0cfabd7eecc86589ba71118ec9c224a9296c34e461c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5acb63ab5a620e2c48398b6423559884

SHA1
59e721394dbe7f9c0a029af03687f64b090e953e

SHA256
411d6c1f380212a0e6a0a4cea8255a35a39a4f74c586417f5f1985b3841f484b

SHA512
71442556069660698ecd1970cc8fa6cc7f1e2bd551b4db00c7063a10ea8f1afdf12c61ca38a1d13f5089a0aada0b9a0c5ea62556e8afc28c9ee4c9a7b753ced0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa41058604040fdab9b146b66af46198

SHA1
1533e2eca3aa2719ce2f4705e3fb00d679a0d9b8

SHA256
f92676642a41a851396fd1db26cdb2907c43bedccb9f9e792dd4330350f04e09

SHA512
0641ff852785216f0c76a1d73c85ef2537a032c7ed50468b9cf142370cad2df84f9cdf55d17a4ff3665298298bfdf75e942b92889aeee2f17ed5e1cc49ed3bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21b8471b65b906ee565b90b30f9029d4

SHA1
2159cdc453e64fb39f7f26544a24171ca7c88c99

SHA256
82a144280262a116ea163110a66e6a92b11f4bbc35bca8517eb70d2d2b0c4ccb

SHA512
a65e5ae8278ea84fd4b8700499e32fd490ef06109b56bdbeac1bbb59b480164b5c943b90a692c0f8efc569b7e71e632ed23b29b3c720f93b2f0741c40cad1811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8c99dbb9af8ba15ff24dc7b1eed6b70

SHA1
4db7bedf43656b32ffe421d427154a1877a83fe2

SHA256
0627c900cad78bb8ad524cd6e2399056f828056a12fcdc0b18c2f96efacbc467

SHA512
56de2d8fb901204b06cfd01fd6fd7857b8ab850e947abd6ad82d48e8b63f2466c229e2c406cf5485f0d3587e7555b2a3b6afbc7425b9569a65fc8de0a18befed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
865f0c413781e294ac2db8bba6eef962

SHA1
7824fe2f5c2eb7544742da38f6aa8068131e2144

SHA256
b671926ac9219673406740e846534a08904f99a4cbedcb2f80f4232cfc33735b

SHA512
b62e4d4192c441d98ad1625805abb442e8688cebe0136ca66ec111453de5398b2d722321d8b39b5821ffdc79cc660537bcc798091898ca5f9d533e77d5652d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
18a62da3e8a5042c20970d5afb44efa5

SHA1
08938466869ec0712fc03e759cdb3a71d1e94f4a

SHA256
30a8aa37694d1f226f76e9c94e9ad44238e3f7aea16131ff44c663aae4f5819c

SHA512
4ec6e926054953af472e0a2f71c74dd5c3d61947e896ecc42985ae8e70ea6d565cf9c779a52563c319390a993a55fdc7ab07cc8e23ffec377e6716d8749b1c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
b0642541a2d4297530b0b360d4868109

SHA1
03acf50e7a7667931abeeb01c5804dc7cb7ae95f

SHA256
5e1f5a3dafa5fc92602f396bd3009155a4e0db5cccc6117707e82e026afaffb9

SHA512
c4a79700473c702e0d74daecf25142789bc1739989f19face7fc91b44197b1184df7091577ec30028f1696aa870fb9a0757ca4c48966334e632ff3fc724f0353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58503e.TMP

Filesize
105KB

MD5
091bd7edb6d8c1d34d0b8ce5d3cf5ce3

SHA1
3697ea13f835fa5d2ea16c491efd17ec900d9628

SHA256
1e3340e65adefabf3bfb2ebdbbf9a00d8c84f03bddfa03d55ea51cdb824db530

SHA512
d97ace2bf0c1c16ac4f701e12bca8e232542cb5c4c603bf679b227ba3635431325a426ae050ca8b88f921b7abd16ce9c4fbebdec073333018f1a47349ccc698a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71OT9.tmp\ATLauncher-setup-1.1.0.0.tmp

Filesize
3.4MB

MD5
1be2486aed74952c47fe38df49f206bd

SHA1
1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

SHA256
c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

SHA512
f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-71OT9.tmp\ATLauncher-setup-1.1.0.0.tmp

Filesize
3.4MB

MD5
1be2486aed74952c47fe38df49f206bd

SHA1
1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

SHA256
c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

SHA512
f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\7za.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\7za.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\jre.zip

Filesize
41.1MB

MD5
9e7973bdac477b8bc34307b87437f88f

SHA1
5f14eb630ce7529e16af6ca2dba50d5b79ddcc64

SHA256
d77745fdb57b51116f7b8fabd7d251067edbe3c94ea18fa224f64d9584b41a97

SHA512
31594d572862ee9a600d4fc0d386a32e1d66e4d28ac73f4c89a102c78ba466f02d1ee8c54a7d68d533b0c85211a8bbc074abb2223a32c61cdd7af5a545297d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GEOKK.tmp\jre.zip

Filesize
41.1MB

MD5
9e7973bdac477b8bc34307b87437f88f

SHA1
5f14eb630ce7529e16af6ca2dba50d5b79ddcc64

SHA256
d77745fdb57b51116f7b8fabd7d251067edbe3c94ea18fa224f64d9584b41a97

SHA512
31594d572862ee9a600d4fc0d386a32e1d66e4d28ac73f4c89a102c78ba466f02d1ee8c54a7d68d533b0c85211a8bbc074abb2223a32c61cdd7af5a545297d8c

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
5b75fcf92add86804e81f97db2a45567

SHA1
01ba67af23c7733d71d6ada0b08efaab27c4b8f8

SHA256
0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6

SHA512
420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
5b75fcf92add86804e81f97db2a45567

SHA1
01ba67af23c7733d71d6ada0b08efaab27c4b8f8

SHA256
0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6

SHA512
420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
5b75fcf92add86804e81f97db2a45567

SHA1
01ba67af23c7733d71d6ada0b08efaab27c4b8f8

SHA256
0200f8f9c514147284dba553e6d7d82b210f2cbd83f5338ddefc00f101c676a6

SHA512
420fe6697b64be7372aa51e5b616720f2c665adcb3c32470d658346bb7df497758bc731e551a9ff10befabb5345c5942723940a15dc820226ebf08572cf13083

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jdk-17.0.3+7-jre\legal\java.desktop\ADDITIONAL_LICENSE_INFO

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jdk-17.0.3+7-jre\legal\java.desktop\ASSEMBLY_EXCEPTION

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jdk-17.0.3+7-jre\legal\java.desktop\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\VCRUNTIME140.dll

Filesize
91KB

MD5
216159bcaa1bfe07a06de8c3d9b8f8af

SHA1
b4324e32aa0201a6d333cac94248932f15cdbf6a

SHA256
0635a22fa6f1a42b83b060d668cc5eb93f1a79c2f88c8f15ce42bb40b5bbb57b

SHA512
9889904b676315fab69d1e0f4b6d1ed33cb8cff6fe4913c85d4ef1480694d6a50f2e4066e77b2654e97695f37ee4667e4c99fc61a983f723ea7bc84dd1f0dc85

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\java.dll

Filesize
141KB

MD5
8db218b610ba358423c344724d1a941f

SHA1
d6647539d0e2d17e871524b86e78e1decee1cdff

SHA256
cfa967dd97ac786f60130206a0532b3646b9e8e406b03ed5eb2fdc26ff51a515

SHA512
e66d969bfa2e3096bb3ba9d9c5947d8428454d700bb04887f5a0050bbc54fcd53ec9b6bf577c1d16082595e209d85acc6ca9526ca9c1c4a9c889797a549aea94

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\java.dll

Filesize
141KB

MD5
8db218b610ba358423c344724d1a941f

SHA1
d6647539d0e2d17e871524b86e78e1decee1cdff

SHA256
cfa967dd97ac786f60130206a0532b3646b9e8e406b03ed5eb2fdc26ff51a515

SHA512
e66d969bfa2e3096bb3ba9d9c5947d8428454d700bb04887f5a0050bbc54fcd53ec9b6bf577c1d16082595e209d85acc6ca9526ca9c1c4a9c889797a549aea94

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe

Filesize
47KB

MD5
1f9f531524806f1b649806e4824db3e4

SHA1
f6adc7adb1e01a6b0333b8602d06d94cce05753f

SHA256
19c937531c65303712cd5983cb24bbcf566069fe363a270e3fcf0d72c96a3244

SHA512
b75b9d0efd3293f92cf0b826876fd50ea670e91a6627958d8c1b1f5c23b35fb04ffa781e5ee3413961fd4c59ba7bf205fa6a5ca58409b0c28472125165c5548b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jimage.dll

Filesize
31KB

MD5
64e606ee9b478ddf035460ad9a37eb90

SHA1
d9afde93e352ddcbf532d86b91098f44e6d0180b

SHA256
d6691e39c5b3500de0bb973d3ae70f6df3168b9c74fd952a40bfd093971535ec

SHA512
b2170d8e885004cd8254fe204e047e4dd8e1d4118865a8029e35bbbff14cfc201146f01b624794f86d711150bffda04d94a2884a437ecfe1ff8023172f219657

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jimage.dll

Filesize
31KB

MD5
64e606ee9b478ddf035460ad9a37eb90

SHA1
d9afde93e352ddcbf532d86b91098f44e6d0180b

SHA256
d6691e39c5b3500de0bb973d3ae70f6df3168b9c74fd952a40bfd093971535ec

SHA512
b2170d8e885004cd8254fe204e047e4dd8e1d4118865a8029e35bbbff14cfc201146f01b624794f86d711150bffda04d94a2884a437ecfe1ff8023172f219657

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jli.dll

Filesize
84KB

MD5
ae58a62ce533eb74f51eca1e0cb7a8be

SHA1
52224ea8ad340430c1b3a4e64fae687283b96200

SHA256
da40934dbfa280faa51375043403b13f6bfcacc39adecb50cfb8988c5b2f0b3d

SHA512
7594434b81dbf23392a839a9a3aecab914f3f9075adb6ae204ac82dc9445e13dcbb7292744f0453ce2f2cbf1f5fcd2e20f1221507e38e7f21e2173653633d0fc

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jli.dll

Filesize
84KB

MD5
ae58a62ce533eb74f51eca1e0cb7a8be

SHA1
52224ea8ad340430c1b3a4e64fae687283b96200

SHA256
da40934dbfa280faa51375043403b13f6bfcacc39adecb50cfb8988c5b2f0b3d

SHA512
7594434b81dbf23392a839a9a3aecab914f3f9075adb6ae204ac82dc9445e13dcbb7292744f0453ce2f2cbf1f5fcd2e20f1221507e38e7f21e2173653633d0fc

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jsvml.dll

Filesize
847KB

MD5
a3be1db39875100c2fa26dc5d98fd127

SHA1
487bf8a8bd0f4215b57bd4d02d548753668d2001

SHA256
482d5876488d13d23ac80c2282553fa3b73c02c26a78f6651eb4b23a1db6b6af

SHA512
bb9a42522cedb31590049a35e815109abfb9eaa7039a045cdc593b61463ec6cd2f387af1bfdd139c4a4b7b75e32496e6bbdae857667cdfa32efaa6caf336f8b7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jsvml.dll

Filesize
847KB

MD5
a3be1db39875100c2fa26dc5d98fd127

SHA1
487bf8a8bd0f4215b57bd4d02d548753668d2001

SHA256
482d5876488d13d23ac80c2282553fa3b73c02c26a78f6651eb4b23a1db6b6af

SHA512
bb9a42522cedb31590049a35e815109abfb9eaa7039a045cdc593b61463ec6cd2f387af1bfdd139c4a4b7b75e32496e6bbdae857667cdfa32efaa6caf336f8b7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\msvcp140.dll

Filesize
569KB

MD5
73e46e44d3a7f696717e2e90326b18b5

SHA1
d99ddba4c0f55071325ad1fb13550371a0c93bec

SHA256
22f3d034b0b557c766458dabdc86a51de6b0edb6d5f2d76158706ab4f566ec80

SHA512
dc1930cc96b31dfd95c7324706582551d1a10401428f35707ed0008c796e0c4c46c42792e9df2ccf944fbb935083c2a7609489663d7f2a1a4181bfa2f8971209

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\msvcp140.dll

Filesize
569KB

MD5
73e46e44d3a7f696717e2e90326b18b5

SHA1
d99ddba4c0f55071325ad1fb13550371a0c93bec

SHA256
22f3d034b0b557c766458dabdc86a51de6b0edb6d5f2d76158706ab4f566ec80

SHA512
dc1930cc96b31dfd95c7324706582551d1a10401428f35707ed0008c796e0c4c46c42792e9df2ccf944fbb935083c2a7609489663d7f2a1a4181bfa2f8971209

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\classes.jsa

Filesize
10.1MB

MD5
5190da359da02adb27d5933bfc683f6c

SHA1
93ed6a544c3507c7eb10f34f7b7fd7b854fe53a1

SHA256
ee4a99f4610f9c7ab0b96e0b6b843caa7765673584024075d11546d7d9c7179d

SHA512
315cd5a10e6cb07dafa4fb97bd67d21ea404877f0437818cc2e1318beb4f436bdbe26701e7886e0fdb423fabd1c3fbd1d4b5b59e47d3459c24725d2278e02e7c

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\jvm.dll

Filesize
12.0MB

MD5
15094944ea4d1bb9d5674e642b90a798

SHA1
bddc93ee5be01204a8ac62311397ef244c8a6de0

SHA256
a839e39ea903d713ee3c531a73790a7c8155af4af954a030b3f1d401bd52eef2

SHA512
1bb6559ec31a2f679f92ce0833f995234be2b78c93547e0a24330ada68f524ded9b69953efb6dcf4ac7b0f4b0686fd7e4f469024003bdd54b3a50358a9e3b949

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\jvm.dll

Filesize
12.0MB

MD5
15094944ea4d1bb9d5674e642b90a798

SHA1
bddc93ee5be01204a8ac62311397ef244c8a6de0

SHA256
a839e39ea903d713ee3c531a73790a7c8155af4af954a030b3f1d401bd52eef2

SHA512
1bb6559ec31a2f679f92ce0833f995234be2b78c93547e0a24330ada68f524ded9b69953efb6dcf4ac7b0f4b0686fd7e4f469024003bdd54b3a50358a9e3b949

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140.dll

Filesize
91KB

MD5
216159bcaa1bfe07a06de8c3d9b8f8af

SHA1
b4324e32aa0201a6d333cac94248932f15cdbf6a

SHA256
0635a22fa6f1a42b83b060d668cc5eb93f1a79c2f88c8f15ce42bb40b5bbb57b

SHA512
9889904b676315fab69d1e0f4b6d1ed33cb8cff6fe4913c85d4ef1480694d6a50f2e4066e77b2654e97695f37ee4667e4c99fc61a983f723ea7bc84dd1f0dc85

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140_1.dll

Filesize
35KB

MD5
05926bdac2087367dc160fb09a441753

SHA1
5b3e43cfe518aba359aaa4313b0f90b10632e390

SHA256
da7f745e0408c9ca916b3e5d82a7ec8a0697342da5d0f2769270ae9f826b3494

SHA512
5483ad289f94a8ded32142a7a0a211e62a60b7ade68f4147d0f96295279734adb973d4e56c671411cdef19bce685d413502f3e0ba1d46e2dc7894bc75067d4ca

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140_1.dll

Filesize
35KB

MD5
05926bdac2087367dc160fb09a441753

SHA1
5b3e43cfe518aba359aaa4313b0f90b10632e390

SHA256
da7f745e0408c9ca916b3e5d82a7ec8a0697342da5d0f2769270ae9f826b3494

SHA512
5483ad289f94a8ded32142a7a0a211e62a60b7ade68f4147d0f96295279734adb973d4e56c671411cdef19bce685d413502f3e0ba1d46e2dc7894bc75067d4ca

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\modules

Filesize
25.2MB

MD5
18af24694110427acff6e4609d5cb2f8

SHA1
87be0100541e06c18a874c07c2aff3635f1a4460

SHA256
047d160ab416250c1ca8a16e2049c192fac46540fd155d70153c0cee98199dac

SHA512
cdfd07a7a655b8d5e32c4433fa1715dcf75b2d67ddeefc51042167ffc97665c5b6db9830a8bda2b0d9b7e71f337ca45ecbe91777b69251455af0ad172f84d702

Download Submit
C:\Users\Admin\Downloads\ATLauncher-setup-1.1.0.0.exe

Filesize
2.6MB

MD5
2f9d674c4b426de69d4229c7778d88c4

SHA1
9d75fdd18d4c32bc93c6c828ac3b4019db1f0931

SHA256
28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656

SHA512
fc9a5a6cb89cc61666055248391c54a2f5c0845dda72bbdbf469d3679c26b3546b7ab048c68ceeaa9f507e10ac4f83402a5303b58a465f1010608a02ec6c728f

Download Submit
C:\Users\Admin\Downloads\ATLauncher-setup-1.1.0.0.exe

Filesize
2.6MB

MD5
2f9d674c4b426de69d4229c7778d88c4

SHA1
9d75fdd18d4c32bc93c6c828ac3b4019db1f0931

SHA256
28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656

SHA512
fc9a5a6cb89cc61666055248391c54a2f5c0845dda72bbdbf469d3679c26b3546b7ab048c68ceeaa9f507e10ac4f83402a5303b58a465f1010608a02ec6c728f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 562905.crdownload

Filesize
2.6MB

MD5
2f9d674c4b426de69d4229c7778d88c4

SHA1
9d75fdd18d4c32bc93c6c828ac3b4019db1f0931

SHA256
28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656

SHA512
fc9a5a6cb89cc61666055248391c54a2f5c0845dda72bbdbf469d3679c26b3546b7ab048c68ceeaa9f507e10ac4f83402a5303b58a465f1010608a02ec6c728f

Download Submit
memory/772-454-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/772-412-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/1336-133-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/1744-1147-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2712-144-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2712-150-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2712-166-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2712-176-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-458-0x0000000000400000-0x0000000000775000-memory.dmp

Filesize
3.5MB

Download
memory/2824-419-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2824-455-0x0000000000400000-0x0000000000775000-memory.dmp

Filesize
3.5MB

Download
memory/2824-456-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2824-1133-0x0000000000400000-0x0000000000775000-memory.dmp

Filesize
3.5MB

Download
memory/2824-470-0x0000000000400000-0x0000000000775000-memory.dmp

Filesize
3.5MB

Download